In a Dallas courtroom on Thursday, writer and activist Barrett Brown was sentenced to 63 months in prison and was ordered to pay a little more than $890,000 in restitution and fines, according to reports.

Microsoft on Wednesday announced new components to its Coordinated Vulnerability Disclosure program, unveiled last summer to enhance transparency around the discovery, response and handling of security flaws.

Mozilla on Wednesday began offering cash rewards to researchers who discover vulnerabilities in its web applications. The move extends the company's bounty program beyond incentives for finding flaws only in its Firefox web browser, or web applications that are considered "critical" or "extraordinary" risks to customer security, according to a Tuesday blog post. Bounties will range from $500 to $3,000. The domains and web applications covered under the expanded program are listed here. - DK

Email and web security provider Barracuda Networks announced Tuesday that it has launched a bug bounty program, becoming what is believed to be the first security vendor to award money to researchers who uncover vulnerabilities in its product line. Flaw finders can cash in between $500 and $3133.70 for locating bugs that compromise confidentiality, availability, integrity or authentication, according to Barracuda. Software providers such as Google and Mozilla offer similar programs. - DK

Microsoft devoted yet another patch this month to close off the possible spread of the insidious Stuxnet worm, which was built to target industrial control systems, specifically products made by SCADA manufacturer Siemens.

Google on Thursday acknowledged the two-year anniversary of its Chrome browser with a new stable channel version that addresses more than a dozen security vulnerabilities. The flaws may allow an attacker to execute arbitrary code, bypass security restrictions, obtain sensitive information, or conduct spoofing attacks, according to an advisory posted by the US-CERT on Friday. Google, which provides monetary rewards for the disclosure of security bugs, paid out $4,337 in bounties for the vulnerabilities. The Chrome 6.0.472.53 stable channel update is available for Windows, Mac and Linux users. — AM

The IBM X-Force research team has revised a part of its recently released trends and risk report that analyzed how well popular software vendors did in patching vulnerabilities disclosed in the first half of the year.

Google late last week fixed 11 security flaws in its Chrome web browser that could allow an attacker to execute arbitrary code, cause a denial-of-service, or conduct spoofing attacks, according to an advisory from the US-CERT. Google, which provides monetary rewards for the disclosure of security bugs, paid more than $10,000 to various researchers for the flaws. The Google Chrome 5.0.375.127 stable channel update is available for Windows, Mac and Linux users. — AM

Alex Stamos of iSEC Partners offers his take on the usefulness of incentive programs that encourage researchers to privately report vulnerabilities to vendors, in exchange for cash. While the initiatives might fatten the wallets of bug hunters, some believe they taint the mission of white-hat hackers.

In an effort to take back some of the control from vendors, the leading third-party bug bounty program plans to give providers six months to fix reported vulnerabilities -- or face limited public disclosure.

Fresh off the controversy of one of its researchers publicly dropping a Microsoft zero-day vulnerability, Google now is hoping to lead the development of industry-accepted standards for vulnerability disclosure.

SC Magazine arms information security professionals with the in-depth, unbiased business and technical information they need to tackle the countless security challenges they face and establish risk management and compliance postures that underpin overall business strategies.